Siteminder Webagent and CORS


Article ID: 197220


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER



We're running a Web Agent, and we'd like to know how to integrate it
to use the CORS headers as we've seen in Siteminder OIDC documentation section :

  Cross-Origin Resource Sharing (CORS) Support for OIDC Endpoints

Is there any support outside OIDC journey in the Web Agent ?




Web Agent 12.52SP1CR09 on Apache 2.4 on RedHat 6




At first glance, Web Agent doesn't support CORS header outside OIDC

An Idea has been submitted in the past, and it seems that you still
can configure the Web Server to handle these CORS headers :

  CORS on CA SPS Federation Gateway

  Ability to add HSTS and CORS headers to .fcc pages

The CORSConfiguration is implemented in CA Access Gateway (SPS) as
described in the same page :

  CORS Configuration in Administrative UI

    SiteMinder supports CORS using a new ACO parameter named
    CORSConfiguration in SPSDefaultSettings ACO template. The default
    template with new ACO parameter is shipped with Policy Server

    Note: The feature is supported only with Release 12.8.03 or higher
    Policy Server and Access Gateway.

In order to get this parameter to be added to Web Agent 12.52SP1, we
invite you to submit an Enhancement Request (Idea) :

  1. Go to the "All Ideas" page :
  2. Click on the "Add" button.
  3. In the "Select categories...", select "Layer7 Access Management".
  4. Write a title in the "title" box.
  5. Write a complete description of the Enahcement Request or
     Certification you'd like to post.
  6. Click on "Save" to get the Idea submitted !